New Data Breach Rules For HealthCare Providers
A new Act has gone into effect under the U.S. Department of Health & Human Services (HHS): the Health Information Technology for Economic and Clinical Health (HITECH) Act. Under this Act, insurance providers that don’t use the HHS-approved techniques for encrypting and protecting data will be forced to notify affected individuals within 60 days of a data breach. If the breach affects more than 500 people, it must also be reported to the HHS and to the media.
The Act later goes on to say that “healthcare companies must publicly disclose data breaches only if the breach threatens significant financial or reputational harm to the individuals affected.” The HHS decides whether or not the threat is significant enough to inform the press and make the data breach public.
I feel this law will aid in forcing companies to protect their data better and in making them release information about their data breaches. I only hope that the HHS policies on data encryption and security are tight enough to keep people out. If they are not, then the law will help protect companies from having to release information about their data breaches. After all, the HHS gets to decide what to disclose and what to keep from the public. I feel it could be a step in the right direction toward keeping insurance information just a little bit safer.